Let's stay protected
Learn how we protect ourselves and our clients to ensure we all stay safe
Cloud Provider Certifications
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) regulates the privacy and security of health information.
Gryphon can support HIPAA-related customer data after a Business Associate Agreement (BAA) has been properly executed with Gryphon.
Data Retention and Disposal
Gryphon retains personal data only for the purposes of delivering services pursuant to client agreements and complying with all applicable laws and regulations. Personal data is disposed of when no longer required to meet contractual or legal obligations.
Network and Infrastructure Security
Gryphon infrastructure is deployed using best practices for hardening systems including vulnerability scanning, security patching, secure coding practices, CIS standards for password strength and rotation, role-based access control, and removal of all default, shared, and/or unnecessary administrative and privileged service accounts. Access to all Gryphon infrastructure requires the use of an encrypted VPN with multi-factor authentication.
Product and Application Security
Gryphon employs Role-Based Access Control (RBAC) for all information and IT assets across the company. Access levels are granted based on job responsibilities using the principle of least privilege, with access modified or revoked as needed when an employee's job responsibilities change. Entitlements are directory-managed, and reviews are conducted on a recurring basis. CIS Standards are applied to password strength and rotation requirements, and multi-factor authentication is in place where supported.
Mobile Device Management
Gryphon utilizes enterprise mobile device management (MDM) solutions that enforce endpoint protection policies, local drive encryption, password strength and rotation requirements, idle time screen lock, and remote wipe capabilities on all employee workstations. Gryphon does not allow access to product infrastructure via mobile phones.
Penetration Test Report
Gryphon employs third-party security vendors to perform security, vulnerability, and penetration testing for our products. Scans are performed in accordance with compliance requirements, and findings are remediated according to their severity and impact. An Executive Summary of our most recent external penetration test may be requested by emailing Trust@gryphon.ai (NDA required).